Compliance Expertise Needed on the Board

The Case for a Compliance SME

Just as it wouldn’t be wise to have a tax attorney negotiate a bribery settlement, you don’t want someone with minimal compliance experience serving as your board’s subject matter expert on compliance. The DOJ has continually stressed the importance of having a compliance expert on the board, and it will only be a matter of time before the SEC follows suit.

By: Tom Fox

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

This week I have been exploring the different types compliance committees an organization can utilize to help effect a best practices compliance program. I have written about compliance committees at the board of director level; at the junction between the chief compliance officer (CCO) and the board, the Oversight Committee; and at the business unit level and the Baker Hughes Inc. (BHI) GeoMarket Compliance Committee. Today I want to change this focus from the committee concept and structure to a role on the compliance committee at the board of directors level.

Every board of directors needs a true compliance expert sitting on the board. Almost every board has a former chief financial officer (CFO), former head of internal audit or persons with a similar background, and often times these are also the audit committee members of the board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance-based issues. So why is there not such subject matter expertise at the board level from the compliance profession?

One board of directors that has been in the news quite a bit recently is the Wells Fargo board. I reviewed the 15-member board and found the following backgrounds, in addition to the current CEO: two former Cabinet secretaries, one retired General, two university deans, one partner at a Big 3 audit firm and eight current or former chief executive officers (CEOs). In short, none of these board members at this $230 billion company had any demonstrable subject matter expertise in compliance. Is it really any wonder that it took more than two years, with knowledge about the fraudulent accounts scandal, for the board to act when it accepted the resignation of former CEO John Stumpf?

An arm of the U.S. government has recognized the need for such expertise at the board level. In 2015, the Office of Inspector General (OIG), in a publication entitled “Practical Guidance for Health Care Governing Boards,” called for greater compliance expertise at the board level. The OIG said that a board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the board a compliance member. The presence of a such a compliance professional with subject matter expertise “on the board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other board members and helps the board better fulfill its oversight obligations.”

Mike Volkov looked at it from both a practical and business perspective. In a blog post on Corporate Compliance Insights (CCI), entitled “Compliance Expertise in the Boardroom,” he said, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” He went on to note, “Companies spend time and resources to nominate board members who bring a real value to the boardroom. The mix of board members reflects the company’s overall strategic priorities and focus for governance. For example, the nominating committee will locate a board candidate with financial reporting, audit and SOX expertise to manage the audit committee. Each board member should be considered for a strategic purpose and benefit.”

Roy Snell sees it through the prism of the compliance profession. In a post, entitled “Compliance Expertise on Your Board,” he said, “If you ask most companies if they have compliance expertise on their board… most would say yes. When asked who the compliance expert is, they typically point to a lawyer, auditor, risk manager or an ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties. You would not have a tax attorney negotiate a bribery settlement. Likewise, you would not have just any lawyer provide compliance expertise.”

He goes on to state that what regulators want to see is specific compliance expertise at the board level. He noted, “what the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Ethicists help build ethical cultures, but if they have never held the job of a compliance officer, it’s difficult to hold them out as compliance experts. The same is true for risk managers and auditors. Law, ethics, risk and audit are all elements of a compliance program, but experience in those professions is not enough to claim expertise in the compliance profession as a whole.”

There are professionals dedicated to the practice of compliance who have senior management experience. Moreover, as the compliance profession has matured, not only have we moved to Compliance 2.0 and beyond, we have a new generation of leadership in the field of compliance. But that also means those persons who helped create the compliance profession in the 1990s and the 2000s are now older and have gone on to the most senior levels of their organization. Roy Snell, Joe Murphy, Odell Guyton, Debbie Troklus and Marjorie Doyle are all names well known in the compliance field who have worked at senior levels of corporate America and would make excellent directors more than capable of heading a board of directors’ compliance committee.

Hui Chen, the Department of Justice (DOJ) Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones that businesses must work to literally burn compliance into the fabric and DNA of their organization. Having a board member with specific compliance expertise heading a board-level compliance committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and Securities and Exchange Commission (SEC) begin to require this step in any Foreign Corrupt Practices Act (FCPA) enforcement action resolution. This means that when your company is evaluated by Chen under the factors set out in prong three of the pilot program to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you’ll need to have not only the structure of the board-level compliance committee, but also the specific subject matter expertise on the board and on that committee.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.